Massachusetts Mutual Life Insurance Company (“MassMutual,” “We,” “Our,” or “Us”) is committed to protecting the confidentiality, integrity, and availability of our information systems and applications. We take cybersecurity seriously and encourage those who have discovered possible security issues in our information systems and applications to disclose them to us in a responsible manner. Our Responsible Disclosure Policy (“RDP”) is intended to give security researchers a mechanism to report security issues in any of our information systems and applications.
MassMutual RDP Rules:
- Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue may not be marked as triaged.
- Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
- When duplicates occur, only the first report that was received will be triaged (provided that it can be fully reproduced).
- Multiple vulnerabilities caused by one underlying issue will be treated as one valid report.
- Social engineering (e.g., phishing, vishing, smishing) is prohibited.
- Do not access, copy, store, transfer, or download any proprietary or confidential MassMutual data.
- Do not delete or alter user generated data; impair, disrupt, or disable information systems and applications; or render data inaccessible.
- Do not engage in any activity that violates any applicable law or regulation: (a) federal or state laws or regulations, or (b) the laws or regulations of any country where (i) data, assets, or systems reside, (ii) data traffic is routed, or (iii) the researcher is conducting research activity.
- Failure to abide by MassMutual’s terms and conditions will be deemed by MassMutual, in its sole discretion, to be unauthorized activity. MassMutual expressly reserves all rights afforded to it, by law or in equity, in this regard.